Trusted public infrastructure grid cloud

ABSTRACT

Systems and methods of implementing a secured cloud environment allow for design and instantiation of a security policy at the infrastructure level. An example system may comprise a first module to facilitate selecting at least two cloud computing component templates from a cloud computing component catalog. The system may comprise a second module to facilitate defining a connection between the at least two selected cloud computing component templates. The system may comprise a third module to facilitate assigning a security level and a policy to at least one of the at least two selected cloud computing component templates. The system may comprise a fourth module to facilitate building a cloud computing component blueprint.

RELATED APPLICATION

This application is a Divisional application of and is related and claims priority to U.S. patent application Ser. No. 13/459,593 filed on Apr. 30, 2012, entitled “TRUSTED PUBLIC INFRASTRUCTURE GRID CLOUD”, the entirety of which is incorporated herein by reference.

BACKGROUND

Prior attempts to build cloud grids focus on rapid service enablement, accurate billing, and quality of service. The prior solutions attempt to provide easier ways to design a requested information technology (IT) system, and focus on automation and optimization of the location of the corresponding manager grid. There exists no known prior cloud grid system with a complete security system built into it at the infrastructure level.

BRIEF SUMMARY

Methods and systems help secure a grid cloud by adding security policy instantiation at an infrastructure design stage, among other measures. The infrastructure designed may create a compliance report to demonstrate that the designed infrastructure satisfies a security policy. Access and network separations according to application tiers of a tenant (e.g. user) may be realized. The methods and systems may be used to merge security and infrastructure design to increase trust and security in cloud systems.

In further embodiments, systems may provide transparency which may include compliance reports on actual usage and access to cloud computing components. Trust between consumers of cloud grid systems and providers may be proven, and based on more than just reputation. In an example embodiment users are segmented to have different access privileges through the use of security policies. Segmentation may also be provided at the application level of a particular user. All segmentation may be within the same grid and may increase efficiency of the cloud grid.

In an example, a designer of a cloud grid selects a cloud grid component and a security policy, including a security level, to be assigned to the component. The security policy choice can be made based on business, architecture, or any other segmentation reason. Cloud grid infrastructure, security, and a security agent may be installed automatically. If an entity (e.g. a person or a balancing system) is attempting to move a cloud grid component, a security policy at the new location of the component can be analyzed and the security policy at the new location can be altered to ensure that proper security for the moved component is maintained.

In an example embodiment a trusted public infrastructure cloud grid may include a system comprising a first module to facilitate selecting at least two cloud computing component templates from a cloud computing component catalog. The system may further comprise a second module to facilitate defining a connection between the at least two selected cloud computing component templates. The system may further comprise a third module to facilitate assigning a security level and a policy to at least one of the at least two selected cloud computing component templates. The system may further comprise a fourth module to facilitate building a cloud computing component blueprint for the connected cloud computing components, wherein the cloud computing component blueprint includes information regarding the security level and policy assigned to the corresponding cloud computing component template, and the cloud computing component blueprint including information regarding the defined connection. The system may further comprise a fifth module to facilitate coupling cloud computing components corresponding to the cloud computing component blueprint to a control server.

In an example embodiment a trusted public infrastructure cloud grid may include a system comprising a secured cloud system design studio, an application manager, and a control server. A secured cloud system design studio may comprise a policy builder that facilitates design of a security policy for a cloud computing component to comply with, a policy importer that facilitates the import of a security policy for a cloud computing component to comply with, and a design studio that facilitates designing secured and non-secured cloud computing components to be deployed in a cloud environment. The design of a secured cloud computing component may include instantiating a security policy that a cloud computing component must comply with, and instantiating a security agent that monitors compliance with the security policy. A security agent (“agent”) may send compliance data to a control server, and a cloud computing component catalog. A cloud computing component catalog may include cloud computing component templates that a design studio can use to help facilitate the design of cloud computing components. A cloud computing component template may include a template for a secured cloud computing component. An application manager may comprise a grid deployer that deploys a designed cloud computing component, and a compliance reports module that creates compliance reports. A compliance report may identify compliance status of a deployed, secured cloud computing component. Compliance reports may be created as a function of an instantiated security policy and compliance data. A control server may comprise a policy distributor, wherein the policy distributor receives information regarding changes in an instantiated security policy to be implemented on a cloud computing component and the policy distributor updates the security policy accordingly. A trusted public infrastructure cloud grid may comprise a virtualization environment including a deployed, secured cloud computing component. A deployed, secured cloud computing component may include a security agent that maintains and enforces a security policy to be followed by a deployed, secured cloud computing component. An agent may send cloud computing component compliance information to a control server.

According to an example embodiment a method of creating a trusted public infrastructure cloud grid may comprise selecting at least two cloud computing component templates from a cloud computing component catalog, defining connections between the at least two selected cloud computing component templates, assigning a security level and a policy to at least one of the at least two selected cloud computing component templates, building a cloud computing component blueprint for each selected cloud computing component, and coupling relevant cloud computing components that have a corresponding cloud computing component blueprint to a control server. A cloud computing component blueprint may include information regarding a security level and policy assigned to a corresponding cloud computing component. A cloud computing component blueprint may include information regarding defined connections corresponding to a cloud computing component.

BRIEF DESCRIPTION OF THE DRAWINGS

Aspects of the present disclosure are illustrated by way of example and are not limited by the accompanying figures with like references indicating like elements.

FIG. 1 is a block diagram of a system capable of facilitating the design of secure cloud systems according to an example embodiment.

FIG. 2 is a flow diagram of a method of creating a virtual computing environment according to an example embodiment.

FIG. 3 is a flow diagram of a method of deploying a virtual computing environment according to an example embodiment.

FIG. 4 is a flow diagram of a method of updating a virtual computing environment according to an example embodiment.

FIG. 5 is a flow diagram of a method of generating compliance reports according to an example embodiment.

FIG. 6 is a block diagram of a computer system to implement methods according to an example embodiment.

DETAILED DESCRIPTION

As will be appreciated by one skilled in the art, aspects of the present disclosure may be illustrated and described herein in any of a number of patentable classes or contexts including any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof. Accordingly, aspects of the present disclosure may be implemented entirely in hardware, entirely in software (including firmware, resident software, micro-code, etc.) or in a combination of software and hardware, all of which may generally be referred to herein as a “circuit,” “module,” “component,” or “system.” Furthermore, aspects of the present disclosure may take the form of a computer program product embodied in one or more computer readable media having computer readable program code embodied thereon.

Any combination of one or more computer readable media may be utilized. The computer readable media may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), an appropriate optical fiber with a repeater, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.

A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable signal medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.

Computer program code for carrying out operations for aspects of the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Scala, Smalltalk, Eiffel, JADE, Emerald, C++, C#, VB.NET, Python or the like, conventional procedural programming languages, such as the “C” programming language, Visual Basic, Fortran 2003, Perl, COBOL 2002, PHP, ABAP, dynamic programming languages such as Python, Ruby and Groovy, or other programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider) or in a cloud computing environment or offered as a service such as a Software as a Service (SaaS).

Aspects of the present disclosure are described herein with reference to flowchart illustrations and/or block diagrams of methods, apparatuses (systems) and computer program products according to embodiments of the disclosure. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable instruction execution apparatus, create a mechanism for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer readable medium that when executed can direct a computer, other programmable data processing apparatus, or other devices to function in a particular manner, such that the instructions when stored in the computer readable medium produce an article of manufacture including instructions which when executed, cause a computer to implement the function/act specified in the flowchart and/or block diagram block or blocks. The computer program instructions may also be loaded onto a computer, other programmable instruction execution apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatuses or other devices to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide processes for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.

FIG. 1 depicts a system 100 used to design an at least partially secure cloud computing system. System 100 may include a public infrastructure 102 and a virtualization environment 108. Public infrastructure 102 may include a designer 104, a control server 108, and an application manager 106. Designer 104 may include a design studio 112, a policy importer 114, a policy builder 116, a blueprints module 120, a cloud computing component catalog 118, a secured templates module 122, and a non-secured templates module 124. Application manager 106 may include a grid deployer 126, a deployment tracker 128, and a compliance reports module 130. Control server 108 may include a policy distributor 134 and a compliance analyzer 132. Virtualization environment 108 may include a non-secured cloud computing component module 138 and a secured cloud computing component module 136. Secured cloud computing component module 136 may include an agent 140.

Design studio 112 may be coupled to policy importer 114, policy builder 116, cloud computing component catalog 118, and blueprints module 120 to help facilitate the design of cloud computing components. Design studio 112 allows a user to model both secured and non-secured virtual applications. Virtual applications are designs of cloud grids including a virtual machine, secured or non-secured, and/or other cloud computing components. As used herein, a cloud computing component can be a virtual machine or any other hardware or software related to implementing a cloud grid. A user may interact with design studio 112 through a user interface. The user interface may allow a user to interact through a display and a user input device including but not limited to a keyboard, touchpad, and mouse. The user interface may allow for the drag and drop of virtual computing instruments that represent cloud computing components. Design studio 112 may allow a user to assign security attributes and policies to cloud computing components. Design studio 112 may allow a user to assign policies to cloud computing components. A policy assigned to a specific cloud computing component may be retrieved from policy importer 114. A policy assigned to a specific cloud computing component may be designed using policy builder 116. Design studio 112 may provide an environment to facilitate the selection of cloud computing component templates, selection of virtual datacenter resources, and assignment of security policies to the cloud computing component templates. The security policies may include security attributes to be assigned to a cloud computing component.

As used herein a “security attribute” is a label that may be assigned to a cloud computing component. The security attribute may control which security policies are assigned to a cloud computing component. For example, security attributes may include “public,” “secret,” “isolated,” or “top secret,” among others. A “security policy” (or “policy”) associated with security attribute secret or top secret may be “deny access to network unless username, password, and IP address are verified.” As used herein “security level” is a numeric representation corresponding to a specific security attribute. A security level may be any number within any range of numbers that allows for a sufficient number of security attributes, and combinations of security attributes, to be defined. A security level may define how secure a cloud computing component is. A security level may correspond to a single security attribute or a combination of security attributes. In an example a bigger security level number corresponds to a cloud computing component that is to be subject to more stringent security requirements. A cloud computing component may include more than one security attribute.

Policy builder 116 may be used to design a security policy for a cloud computing component that may be deployed in virtualization environment 108. A security policy may become a part of a secured template when building a cloud grid using design studio 112. Adding a security policy to secure a template may be done manually where a user may define a security policy that a specific cloud computing component template should have. Adding a security policy to a template may be done automatically where a user specifies a security level to be attained and a corresponding security policy is added to the template. A secured template is a cloud computing component template that has been assigned a security policy, a security attribute, and/or a security level. A non-secured template is a cloud computing component template that has not been assigned a security policy, security attribute, or security level. Policy builder 116 may facilitate the design of a security policy for a cloud computing component to comply with.

Policy importer 114 is a module that may facilitate an import of a security policy from an external storage device, such as a database. The imported security policy may be added to a cloud computing component template. Policy importer 114 and/or policy builder 116 may store a list of available policies that may be added to cloud computing components. The list stored by policy importer 114 and/or policy builder 116 may be a complete list of all the available security policies that may be added to cloud computing component templates. Policy importer 114 may facilitate the import of a security policy for a cloud computing component to comply with.

Templates corresponding to cloud computing components may be stored in cloud computing component catalog 118. Secured cloud computing component templates may be stored in secured templates module 122. Non-secured cloud computing component templates may be stored in non-secured templates module 124. Cloud computing component catalog 118 may include cloud computing component catalog templates which design studio 112 may use to help facilitate the design of cloud computing components to be deployed.

Blueprints module 120 may store cloud computing component application blueprints created using, in part, design studio 112. Blueprints module 120 may be coupled to application manager 106. Blueprints module 120 may be coupled to grid deployer 126 to facilitate the transfer of data required to deploy an application. Blueprints module 120 may be coupled to deployment tracker 128 so that the location of a deployed application can be tracked. Blueprints stored in blueprints module 120 may be deployment descriptors that can be used by grid deployer 126 to aid in deploying a cloud computing component application. In an example embodiment a deployment descriptor is an extensible markup language (XML) file which contains information including how to deploy a cloud computing component, what security attributes, security policies, and security levels the cloud computing component should have, and how the cloud computing component should be configured and/or connections between them.

As used herein a “template” is a definition of a specific cloud computing component. As used herein a “blueprint” is a combination of any number of definitions of cloud computing components, policies, security attributes, security levels, and connections between them.

Grid deployer 126 is a part of application manager 106. Grid deployer 126 may be coupled to virtualization environment 108 to facilitate the deployment of cloud computing components. Grid deployer 126 may be coupled to deployment tracker 128 to allow for storage of data corresponding to deployed cloud computing components. Grid deployer 126 may use blueprints from blueprints module 120 to deploy a cloud computing component in virtualization environment 108. Grid deployer 126 may deploy a cloud computing component when the virtual environment properties of the cloud computing component are sufficiently defined. Grid deployer 126 may be coupled to blueprints module 120 so that data relevant to deploying an application may be communicated to grid deployer 126. Grid deployer 126 may deploy designed cloud computing components as a function of the data contained in relevant cloud computing component blueprints. Designed cloud computing components may be included in a cloud computing component application which includes a corresponding cloud computing component application blueprint. Grid deployer 126 may request additional information including host name, network settings, or administrator password, etc., before deploying a cloud computing component. Information requested by grid deployer 126 may be dependent on the attributes of the environment in which the cloud computing component is to be deployed. These attributes are called “virtual environment properties” herein.

Deployment tracker 128 may store previously completed cloud computing component application deployments. Deployment tracker 128 may be coupled to control server 108. Deployment tracker 128 may be coupled to policy distributor 134 to facilitate retention of which security attributes, security policies, and security level, if any, are currently assigned to a cloud computing component. Deployment tracker 128 may be coupled to compliance reports module 130 to help facilitate the transfer of data relevant to creating compliance reports. If a security policy has been modified, or the meaning of a security level has been updated, and there are cloud computing components with a corresponding security policy stored in deployment tracker 128, then deployment tracker 128 may send a notice to policy distributor 134. Policy distributor 134 may then update the cloud computing component with a new security policy.

Compliance reports module 130 may create and store compliance reports. Compliance reports may provide compliance status of a deployed cloud computing component. Compliance reports stored in compliance reports module 130 may provide the security status of a deployed cloud computing component. Compliance reports may be created as a function of the assigned security policy and compliance data. Compliance reports may provide an indication as to whether a deployed cloud computing component is up to date with the corresponding security policy defined for the cloud computing component. Compliance reports module 130 may be coupled to control server 108. Compliance reports module 130 may be coupled to compliance analyzer 132 to facilitate the creation of compliance reports. Compliance reports module 130 may be coupled to policy distributor 134 to facilitate communication of data relevant to creating compliance reports.

In an example, compliance status may include different levels of compliance including “compliant,” “deviations exist,” and “no compliance.” Compliance status may be determined by comparing how a deployed cloud computing component should have been configured (e.g. according to its blueprint) with the actual configuration of the deployed cloud computing component.
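The comparison just described, as an added example in Python that is not part of the patent text: the configuration a blueprint prescribes for a secured component is compared with what the component's agent reports, and the result is graded with the three statuses named above. The grading rule, the setting names and all sample values are assumptions of this example.

```python
from dataclasses import dataclass
from typing import Optional

COMPLIANT = "compliant"
DEVIATIONS_EXIST = "deviations exist"
NO_COMPLIANCE = "no compliance"


@dataclass(frozen=True)
class Expected:
    """What the blueprint (deployment descriptor) prescribes for one component."""
    security_level: int
    policy_id: str
    settings: dict  # configuration the policy requires: key -> required value


@dataclass(frozen=True)
class Reported:
    """What the component's agent sends to the compliance analyzer."""
    security_level: int
    policy_id: Optional[str]
    settings: dict


def analyze(expected, reported):
    """Grade one component. The grading rule is an assumption of this example:
    'no compliance' when the prescribed policy is not applied at all or the
    component runs at a lower security level than the blueprint requires;
    'deviations exist' when the policy is applied but individual settings
    differ; 'compliant' when everything matches."""
    deviations = []
    if reported.policy_id != expected.policy_id:
        deviations.append(
            f"policy {expected.policy_id!r} not applied (agent reports {reported.policy_id!r})")
    if reported.security_level < expected.security_level:
        deviations.append(
            f"security level {reported.security_level} is below required {expected.security_level}")
    if deviations:
        return NO_COMPLIANCE, deviations
    for key, required in expected.settings.items():
        actual = reported.settings.get(key)
        if actual != required:
            deviations.append(f"{key}: blueprint requires {required!r}, agent reports {actual!r}")
    return (DEVIATIONS_EXIST if deviations else COMPLIANT), deviations


def compliance_report(blueprint, agent_data):
    """Grade every secured component in the blueprint. A component whose agent
    has sent nothing is graded 'no compliance' (assumption): the control server
    cannot show that the policy is enforced there."""
    report = {}
    for name, expected in blueprint.items():
        reported = agent_data.get(name)
        if reported is None:
            report[name] = (NO_COMPLIANCE, ["no compliance data received from agent"])
        else:
            report[name] = analyze(expected, reported)
    return report


# Constructed sample data: a web application whose "secret" (level 2) web tier,
# "top secret" (level 3) database tier and firewall are assigned the
# network-authentication policy quoted in the text. All values are hypothetical.
NET_AUTH = {"network_access": "deny unless username, password and IP address verified"}
SAMPLE_BLUEPRINT = {
    "web-server": Expected(2, "net-auth", {**NET_AUTH, "ssh_root_login": "no"}),
    "oracle-db": Expected(3, "net-auth", {**NET_AUTH, "listener_encryption": "required"}),
    "firewall": Expected(2, "net-auth", NET_AUTH),
}
SAMPLE_AGENT_DATA = {
    # policy applied, one setting has drifted -> deviations exist
    "web-server": Reported(2, "net-auth", {**NET_AUTH, "ssh_root_login": "yes"}),
    # rebuilt or moved at a lower security level -> no compliance
    "oracle-db": Reported(1, "net-auth", {**NET_AUTH, "listener_encryption": "required"}),
    # the firewall's agent has not reported at all -> no compliance
}

if __name__ == "__main__":
    for component, (status, deviations) in compliance_report(SAMPLE_BLUEPRINT, SAMPLE_AGENT_DATA).items():
        print(f"{component}: {status}")
        for d in deviations:
            print(f"  - {d}")
```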

Compliance analyzer 132 may be a part of control server 108. Compliance analyzer 132 may be coupled to virtualization environment 108. Compliance analyzer 132 may be coupled to secured cloud computing component module 136 to facilitate the transfer of data relevant to creating compliance reports. Compliance analyzer 132 may be coupled to agent 140 for at least the same reason. Compliance analyzer 132 may collect compliance information from secured cloud computing component module 136. Information collected by compliance analyzer 132 may be sent from agent 140. Information collected by compliance analyzer 132 may be information relevant to compliance reports created by compliance reports module 130. Compliance information may correspond to a security related event that occurred in virtualization environment 108. The security related event may be a user attempting to access a cloud computing component that the user does not have authorization to access. The security related event may be any activity that attempts to violate the security policy corresponding to a cloud computing component.

Policy distributor 134 may be a part of control server 108. Policy distributor 134 may be coupled to virtualization environment 108 to facilitate the communication of data relevant to implementing and/or updating a security policy on a cloud computing component. Policy distributor 134 may be coupled to secured cloud computing component module 136 to facilitate communication of a security policy that a cloud computing component must comply with. Policy distributor 134 may be coupled to agent 140 for at least the same reason. Policy distributor 134 may be responsible for deploying security policies to the relevant secured cloud computing components. The security policy distributed by policy distributor 134 may be created using policy builder 116 or retrieved using policy importer 114. The security policy distributed by policy distributor 134 may be received from deployment tracker 128. Deployment tracker 128 may determine that a security policy on a deployed cloud computing component may be updated and alert policy distributor 134 as to which cloud computing component may be updated and how the cloud computing component should be updated. Policy distributor 134 may update a security policy on a deployed cloud computing component when an authorized user makes a request to update a security policy on the deployed cloud computing component. An authorized user may be anyone who has been given clearance to update or modify a security level of a deployed cloud computing component. An authorized user may also be anyone who is allowed to modify a blueprint (e.g. a security officer) or anyone who has been given access to change attributes on a specific deployment environment (e.g. an operator), among others. Definitions of who is allowed to be an authorized user may be managed on a given system through the use of user management tasks. Policy distributor 134 may collect compliance information from secured cloud computing component module 136. The information collected from secured cloud computing component module 136 may correspond to the current compliance status of the particular cloud computing component. The information collected from secured cloud computing component module 136 may correspond to deviations from a security policy that may exist, or existed at some time, on a deployed cloud computing component. Deployed cloud computing components include all machines or components deployed in virtualization environment 108. Cloud computing components contained in virtualization environment 108 may include non-secured cloud computing components, secured cloud computing components, and other cloud computing components including network routers, storage devices, firewalls, and load balancers.

Virtualization environment 108 may include a secured cloud computing component module 136 and non-secured cloud computing component module 138. Secured cloud computing component module 136 may include a deployed cloud computing component that has been assigned a security policy. The security policy may be assigned using design studio 112. Non-secured cloud computing component module 138 may include deployed cloud computing components that have not been assigned a security policy. Secured cloud computing component module 136 may contain agent 140. Agent 140 may deploy, maintain, and/or enforce a security policy locally. Agent 140 may be coupled to control server 108 to facilitate communication of data relevant to compliance with a security policy. Each deployed secured cloud computing component may include an agent. Any number of agents may be used to deploy, maintain, and/or enforce a security policy locally on a secured cloud computing component. Agent 140 may send compliance information to control server 108. The compliance information may be relevant to cloud computing component compliance with a security policy. The compliance information may be relevant to compliance reports created by compliance reports module 130.

FIG. 2 is a flow diagram of a method of creating a secured cloud grid according to an example embodiment. The method 200 begins at 202 with a user selecting cloud computing components (e.g. secured and non-secured cloud computing components). The selection may be facilitated by cloud computing component catalog 118. At 204, the user creates connections between the cloud computing components chosen. The connected cloud computing components may become part of a cloud computing component application.

As used herein a “cloud computing application” is a set of virtual machines and other cloud computing components which provide some kind of service. For example, a “web application” is composed of virtual machines (e.g. an Oracle machine, a web server machine) and other cloud computing components (e.g. router, firewall and storage). In an example a user design of a web application includes dragging and dropping virtual machines and other cloud computing components and specifying the connections between them.

At 206, the user may choose to import security policies from a database of pre-selected security policies. This may be accomplished using policy importer 114. The imported security policies may be received from customers of the user. Alternatively, the user may choose to build their own security policies for a given cloud computing component using policy builder 116. At 208 the user may assign a security level and a policy to cloud computing components that need to be secured. At 210 the user connects secured cloud computing components to a control server. At 212 a cloud computing component application blueprint is created. The cloud computing component application blueprint may be created automatically by design studio 112 or manually through use of design studio 114. The cloud computing component application blueprint may be stored in blueprints module 120.

FIG. 3 is a flow diagram of deploying a cloud computing component according to an example embodiment. Method 300 begins with a user choosing a cloud computing component application, at 302. The cloud computing component application may be chosen from blueprints module 120. At 304 deployment properties are specified. The deployment properties may be specified automatically by design studio 112 or manually by a user using design studio 112. At 306 the cloud computing component application is deployed in virtualization environment 108.

FIG. 4 is a flow diagram of updating a security policy or other part ofa cloud computing component blueprint according to an exampleembodiment. Method 400 begins at 402 with a cloud computing componentapplication blueprint being modified with a new cloud computingcomponent version, a modified security policy, or both. At 404 a newcloud computing component application blueprint is generated. The newcloud computing component application blueprint reflects the new cloudcomputing component version or security policy that is to beimplemented. At 406, the location of the cloud computing componentapplication to be updated is identified. The location may be identifiedby deployment tracker 128. Item 408 is optional. At 408, the cloudcomputing component application to be updated with new cloud computingcomponent application parameters is updated. The updating may beaccomplished using grid deployer 126. The new cloud computing componentparameters reflect the new cloud computing component version or modifiedsecurity policy to be implemented in the cloud computing componentapplication. Item 410 is optional. At 410, security policies on cloudcomputing components are updated. The updating may be accomplished usingpolicy distributor 134. Updating may include updating the security levelcorresponding to the cloud computing component.

FIG. 5 is a flow diagram of creating compliance reports. Method 500begins at 502 with collecting audit information and reporting the auditinformation from secured cloud computing components. The collecting maybe accomplished using compliance analyzer 132. The audit information maybe relevant to security policy compliance. The audit information mayregard attempts to violate a security policy. At 504, compliance reportsare generated. A compliance report may be based on actual and/or planneduse of a relevant cloud computing component. Compliance reports may begenerated using compliance reports module 130.

An example method of designing, updating, and generating a compliancereport for a virtual cloud environment includes selecting at least twocloud computing component templates from cloud computing componentcatalog 118. A user may choose to select secured and/or non-securedcloud computing components. After the cloud computing components havebeen selected, connections between the at least two selected cloudcomputing component templates may be defined. Security levels andpolicies may be assigned to the selected cloud computing componenttemplates. The security levels and policies may be imported using policyimporter 114 or built using policy builder 116. A cloud computingcomponent blueprint may be defined for selected cloud computingcomponents. The cloud computing component blueprint may includeinformation regarding security levels and policies assigned to thecorresponding cloud computing component. The cloud computing componentblueprint may also include information regarding the defined connectionscorresponding to the cloud computing component. Relevant cloud computingcomponents with a corresponding cloud computing component blueprint maythen be communicated to control server 108.

Security levels and policies assigned to the selected cloud computingcomponents may be updated. Updating may include generating a modifiedcloud computing component blueprint, the cloud computing componentblueprint altered in accord with a blueprint update corresponding to amodified security policy, or new cloud computing component version, tocreate the modified cloud computing component blueprint. Updating mayinclude identifying where the cloud computing component to be updated isdeployed. Identifying where a cloud computing component has beendeployed may be accomplished using deployment tracker 128. A cloudcomputing component may be updated according to the altered cloudcomputing component blueprint. Updating the cloud computing componentmay be accomplished using policy distributor 134 or grid deployer 126.Audit and reporting information regarding secured cloud computingcomponent compliance with security policies may be collected, andcompliance reports generated as a function of actual and/or planned useof the secured cloud computing components and the security levels andpolicies assigned to the cloud computing component templates.

In an example embodiment a compliance report may include a list ofapplications and the corresponding compliance status of the applicationsin the list. In an example embodiment a user can use filters to helpreview compliance reports. For example a user can use a filter to viewonly those applications which have an outstanding security deviation. Inanother example a user can use a filter to view only those applicationswhich have a specific security attribute. In an example embodiment acompliance report may show what security is missing on a specific cloudcomputing component that is creating a security deviation. It should beappreciated by one of ordinary skill in the art that many other types offilters may be used to help review security policy compliance of cloudcomputing components.
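The following Python model is an added illustration and not code from the patent: it ties together the flow of methods 200 through 500 and the compliance-report filters above, namely a security policy made of requirements assigned to a component, the agent's compliance information, the modify-and-recheck loop, the switch to a policy imposing greater security after an attempted violation, and a report filtered by outstanding deviation or by security attribute. Every requirement name, state field and policy name is a constructed placeholder.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# Constructed model of the patent's flow; all names below are hypothetical.
# A requirement is a named predicate over a component's observed configuration
# plus the modification a policy distributor would apply to satisfy it.
@dataclass(frozen=True)
class Requirement:
    name: str
    check: Callable[[dict], bool]
    fix: Callable[[dict], dict]

@dataclass(frozen=True)
class SecurityPolicy:
    name: str
    level: int                        # security level assigned at design time
    requirements: Tuple[Requirement, ...]

# Hypothetical requirements for the web-application example (database VM,
# web server, firewall, storage). Component state is a plain dict.
PASSWORD_PROTECTED = Requirement(
    "password_protected",
    lambda s: s.get("auth") == "password",
    lambda s: {**s, "auth": "password"},
)
AUDIT_LOGGING = Requirement(
    "audit_logging",
    lambda s: s.get("audit_log") is True,
    lambda s: {**s, "audit_log": True},
)
FIREWALL_ENABLED = Requirement(
    "firewall_enabled",
    lambda s: s.get("firewall") is True,
    lambda s: {**s, "firewall": True},
)

STANDARD = SecurityPolicy("standard", 1, (PASSWORD_PROTECTED, AUDIT_LOGGING))
HARDENED = SecurityPolicy(
    "hardened", 2, (PASSWORD_PROTECTED, AUDIT_LOGGING, FIREWALL_ENABLED)
)

def agent_report(state: dict, policy: SecurityPolicy) -> Dict[str, bool]:
    """Security compliance information as the monitoring agent would return it."""
    return {r.name: r.check(state) for r in policy.requirements}

def reconcile(state: dict, policy: SecurityPolicy) -> Tuple[dict, List[str], bool]:
    """Report, flag deviations, modify the deployed component, report again.
    Returns (new_state, deviations_found, compliant_after_modification)."""
    deviations = [n for n, ok in agent_report(state, policy).items() if not ok]
    for r in policy.requirements:
        if r.name in deviations:
            state = r.fix(state)
    return state, deviations, all(agent_report(state, policy).values())

def escalate(policy: SecurityPolicy, security_events: int) -> SecurityPolicy:
    """After an attempted violation, swap in a policy imposing greater security."""
    if security_events > 0 and policy.level < HARDENED.level:
        return HARDENED
    return policy

def compliance_report(
    deployed: Dict[str, dict],
    policies: Dict[str, SecurityPolicy],
    only_deviations: bool = False,
    attribute: Optional[str] = None,
) -> List[dict]:
    """One row per deployed component: status and what security is missing.
    only_deviations keeps components with an outstanding deviation; attribute
    keeps components whose policy carries the named requirement."""
    rows = []
    for comp, state in deployed.items():
        pol = policies[comp]
        missing = [n for n, ok in agent_report(state, pol).items() if not ok]
        if only_deviations and not missing:
            continue
        if attribute and attribute not in [r.name for r in pol.requirements]:
            continue
        rows.append({"component": comp, "policy": pol.name, "level": pol.level,
                     "status": "deviation" if missing else "compliant",
                     "missing": missing})
    return rows
```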

FIG. 6 is a block diagram of a computer system to implement methods according to an example embodiment. In the embodiment shown in FIG. 6, a hardware and operating environment is provided that is applicable to any of the servers and/or remote clients shown in the other Figures.

As shown in FIG. 6, one embodiment of the hardware and operating environment includes a general purpose computing device in the form of a computer 600 (e.g., a personal computer, workstation, or server), including one or more processing units 621, a system memory 622, and a system bus 623 that operatively couples various system components including the system memory 622 to the processing unit 621. There may be only one or there may be more than one processing unit 621, such that the processor of computer 600 comprises a single central-processing unit (CPU), or a plurality of processing units, commonly referred to as a multiprocessor or parallel-processor environment. In various embodiments, computer 600 is a conventional computer, a distributed computer, or any other type of computer.

The system bus 623 can be any of several types of bus structures including a memory bus or memory controller, a peripheral bus, and a local bus using any of a variety of bus architectures. The system memory can also be referred to as simply the memory, and, in some embodiments, includes read-only memory (ROM) 624 and random-access memory (RAM) 625. A basic input/output system (BIOS) program 626, containing the basic routines that help to transfer information between elements within the computer 600, such as during start-up, may be stored in ROM 624. The computer 600 further includes a hard disk drive 627 for reading from and writing to a hard disk, not shown, a magnetic disk drive 628 for reading from or writing to a removable magnetic disk 629, and an optical disk drive 630 for reading from or writing to a removable optical disk 631 such as a CD ROM or other optical media.

The hard disk drive 627, magnetic disk drive 628, and optical disk drive 630 couple with a hard disk drive interface 632, a magnetic disk drive interface 633, and an optical disk drive interface 634, respectively. The drives and their associated computer-readable media provide nonvolatile storage of computer-readable instructions, data structures, program modules and other data for the computer 600. It should be appreciated by those skilled in the art that any type of computer-readable media which can store data that is accessible by a computer, such as magnetic cassettes, flash memory cards, digital video disks, Bernoulli cartridges, random access memories (RAMs), read only memories (ROMs), redundant arrays of independent disks (e.g., RAID storage devices) and the like, can be used in the exemplary operating environment.

A plurality of program modules can be stored on the hard disk, magnetic disk 629, optical disk 631, ROM 624, or RAM 625, including an operating system 635, one or more application programs 636, other program modules 637, and program data 638. Programming for implementing one or more processes or methods described herein may be resident on any one or number of these computer-readable media.

A user may enter commands and information into computer 600 through input devices such as a keyboard 640 and pointing device 642. Other input devices (not shown) can include a microphone, joystick, game pad, satellite dish, scanner, or the like. These other input devices are often connected to the processing unit 621 through a serial port interface 646 that is coupled to the system bus 623, but can be connected by other interfaces, such as a parallel port, game port, or a universal serial bus (USB). A monitor 647 or other type of display device can also be connected to the system bus 623 via an interface, such as a video adapter 648. The monitor 647 can display a graphical user interface for the user. In addition to the monitor 647, computers typically include other peripheral output devices (not shown), such as speakers and printers.

The computer 600 may operate in a networked environment using logical connections to one or more remote computers or servers, such as remote computer 649. These logical connections are achieved by a communication device coupled to or a part of the computer 600; the invention is not limited to a particular type of communications device. The remote computer 649 can be another computer, a server, a router, a network PC, a client, a peer device or other common network node, and typically includes many or all of the elements described above relative to the computer 600, although only a memory storage device 650 has been illustrated. The logical connections depicted in FIG. 6 include a local area network (LAN) 651 and/or a wide area network (WAN) 652. Such networking environments are commonplace in office networks, enterprise-wide computer networks, intranets and the internet, which are all types of networks.

When used in a LAN-networking environment, the computer 600 is connected to the LAN 651 through a network interface or adapter 653, which is one type of communications device. In some embodiments, when used in a WAN-networking environment, the computer 600 typically includes a modem 654 (another type of communications device) or any other type of communications device, e.g., a wireless transceiver, for establishing communications over the wide-area network 652, such as the internet. The modem 654, which may be internal or external, is connected to the system bus 623 via the serial port interface 646. In a networked environment, program modules depicted relative to the computer 600 can be stored in the remote memory storage device 650 of remote computer, or server 649. It is appreciated that the network connections shown are exemplary and other means of, and communications devices for, establishing a communications link between the computers may be used including hybrid fiber-coax connections, T1-T3 lines, DSL's, OC-3 and/or OC-12, TCP/IP, microwave, wireless application policy, and any other electronic media through any suitable switches, routers, outlets and power lines, as the same are known and understood by one of ordinary skill in the art.

The flowchart and block diagrams in the Figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various aspects of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems that perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.

The terminology used herein is for the purpose of describing particular aspects only and is not intended to be limiting of the disclosure. As used herein, the singular forms “a”, “an” and “the” are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms “comprises” and/or “comprising,” when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.

The corresponding structures, materials, acts, and equivalents of any means or step plus function elements in the claims below are intended to include any disclosed structure, material, or act for performing the function in combination with other claimed elements as specifically claimed. The description of the present disclosure has been presented for purposes of illustration and description, but is not intended to be exhaustive or limited to the disclosure in the form disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the disclosure. The aspects of the disclosure herein were chosen and described in order to best explain the principles of the disclosure and the practical application, and to enable others of ordinary skill in the art to understand the disclosure with various modifications as are suited to the particular use contemplated.

1. A system comprising: a processor; a computer readable storage medium having computer readable instructions, the instructions executable by the processor to cause the system to: select a first security policy for a first cloud computing component, wherein the first security policy indicates a plurality of security requirements; deploy the first cloud computing component along with an agent to monitor whether the first cloud computing component complies with the plurality of security requirements; receive first security compliance information from the agent; and in response to a determination that the first security compliance information indicates that the deployed first cloud computing component does not comply with a first security requirement of the plurality of security requirements, indicate that the first cloud computing component does not comply with the first security policy; and modify the deployed first cloud computing component to comply with the first security requirement; receive second security compliance information from the agent; and in response to a determination that the second security compliance information indicates that the deployed first cloud computing component complies with the plurality of security requirements, indicate that the first cloud computing component complies with the first security policy.
2. (canceled)
3. The system of claim 1, wherein the computer readable storage medium further has instructions executable by the processor to cause the system to: select a cloud computing component template from a cloud computing component template catalog, wherein the cloud computing component template corresponds to the first cloud computing component; wherein the instructions executable by the processor to cause the system to modify the deployed first cloud computing component to comply with the first security requirement comprise instructions executable by the processor to cause the system to modify the cloud computing component template and redeploy the first cloud computing component in accordance with the modified cloud computing component template.
4. The system of claim 1, wherein the computer readable storage medium further has instructions executable by the processor to cause the system to create a cloud computing application blueprint, wherein the blueprint comprises information regarding the first security policy and a deployment process for the first cloud computing component, wherein the instructions executable by the processor to cause the system to deploy the first cloud computing component comprise instructions executable by the processor to cause the system to deploy the first cloud computing component in accordance with the blueprint.
5. (canceled)
6. The system of claim 1, wherein the computer readable storage medium further has instructions executable by the processor to cause the system to periodically retrieve security compliance information from the agent.
7. (canceled)
8. A method comprising: selecting a first security policy for a first cloud computing component, wherein the first security policy indicates a plurality of security requirements; deploying the first cloud computing component along with an agent to monitor whether the first cloud computing component complies with the plurality of security requirements; receiving first security compliance information from the agent; in response to a determination that the first security compliance information indicates that the deployed first cloud computing component does not comply with a first security requirement of the plurality of security requirements, indicating that the first cloud computing component does not comply with the first security policy; and modifying the deployed first cloud computing component to comply with the first security requirement; receiving second security compliance information from the agent; and in response to a determination that the second security compliance information indicates that the deployed first cloud computing component complies with the plurality of security requirements, indicating that the first cloud computing component complies with the first security policy.
9. (canceled)
10. The method of claim 8 further comprising: selecting a cloud computing component template from a cloud computing component template catalog, wherein the cloud computing component template corresponds to the first cloud computing component; wherein modifying the deployed first cloud computing component to comply with the first security requirement comprises modifying the cloud computing component template and redeploying the first cloud computing component in accordance with the modified cloud computing component template.
11. The method of claim 8 further comprising creating a cloud computing application blueprint, wherein the blueprint comprises information regarding the first security policy and a deployment process for the first cloud computing component, wherein deploying the first cloud computing component comprises deploying the first cloud computing component in accordance with the blueprint.
12. (canceled)
13. The method of claim 8 further comprising periodically retrieving security compliance information from the agent.
14. (canceled)
15. A non-transitory computer readable storage medium with instructions stored thereon, the instructions to: select a first security policy for a first cloud computing component, wherein the first security policy indicates a plurality of security requirements; deploy the first cloud computing component along with an agent to monitor whether the first cloud computing component complies with the plurality of security requirements; receive first security compliance information from the agent; and in response to a determination that the first security compliance information indicates that the deployed first cloud computing component does not comply with a first security requirement of the plurality of security requirements, indicate that the first cloud computing component does not comply with the first security policy; and modify the deployed first cloud computing component to comply with the first security requirement; receive second security compliance information from the agent; and in response to a determination that the second security compliance information indicates that the deployed first cloud computing component complies with the plurality of security requirements, indicate that the first cloud computing component complies with the first security policy.
16. (canceled)
17. The non-transitory computer readable storage medium of claim 15 further comprising instructions to: select a cloud computing component template from a cloud computing component template catalog, wherein the cloud computing component template corresponds to the first cloud computing component; wherein the instructions to modify the deployed first cloud computing component to comply with the first security requirement comprise instructions to modify the cloud computing component template and redeploy the first cloud computing component in accordance with the modified cloud computing component template.
18. The non-transitory computer readable storage medium of claim 15 further comprising instructions to create a cloud computing application blueprint, wherein the blueprint comprises information regarding the first security policy and a deployment process for the first cloud computing component, wherein the instructions to deploy the first cloud computing component comprise instructions to deploy the first cloud computing component in accordance with the blueprint.
19. (canceled)
20. (canceled)
21. The system of claim 1, wherein the computer readable storage medium further has instructions executable by the processor to cause the system to: determine that a second security requirement of the plurality of security requirements indicates that data of the first cloud computing component should be password protected; deploy a second cloud computing component, wherein the second cloud computing component receives data from the first cloud computing component and is monitored by the agent; receive third security compliance information from the agent; and in response to a determination that the third security compliance information indicates that the deployed second cloud computing component does not comply with the second security requirement, modify the deployed second cloud computing component to provide password protection for data received from the first cloud computing component.
22. The system of claim 1, wherein the computer readable storage medium further has instructions executable by the processor to cause the system to: determine whether the deployed first cloud computing component complies with each of the plurality of security requirements based, at least in part, on actual use of the deployed first cloud computing component and planned use of the deployed first cloud computing component, wherein the actual use and the planned use are indicated in the first security compliance information; and generate a compliance report based, at least in part, on the determination of whether the deployed first cloud computing component complies with each of the plurality of security requirements, wherein the compliance report indicates a compliance status of the deployed first cloud computing component.
23. The system of claim 1, wherein the computer readable storage medium further has instructions executable by the processor to cause the system to: determine that the first security compliance information comprises an indication of a security event, wherein the security event was an attempt to violate security of the first cloud computing component; and in response to the indication of the security event, update the first cloud computing component with a second security policy, wherein the second security policy imposes greater security than the first security policy.
24. The method of claim 8 further comprising: determining that a second security requirement of the plurality of security requirements indicates that data of the first cloud computing component should be password protected; deploying a second cloud computing component, wherein the second cloud computing component receives data from the first cloud computing component and is monitored by the agent; receiving third security compliance information from the agent; and in response to a determination that the third security compliance information indicates that the deployed second cloud computing component does not comply with the second security requirement, modifying the deployed second cloud computing component to provide password protection for data received from the first cloud computing component.
25. The method of claim 8 further comprising: determining whether the deployed first cloud computing component complies with each of the plurality of security requirements based, at least in part, on actual use of the deployed first cloud computing component and planned use of the deployed first cloud computing component, wherein the actual use and the planned use are indicated in the first security compliance information; and generating a compliance report based, at least in part, on the determination of whether the deployed first cloud computing component complies with each of the plurality of security requirements, wherein the compliance report indicates a compliance status of the deployed first cloud computing component.
26. The method of claim 8 further comprising: determining that the first security compliance information comprises an indication of a security event, wherein the security event was an attempt to violate security of the first cloud computing component; and in response to the indication of the security event, updating the first cloud computing component with a second security policy, wherein the second security policy imposes greater security than the first security policy.
27. The non-transitory computer readable storage medium of claim 15 further comprising instructions to: determine that a second security requirement of the plurality of security requirements indicates that data of the first cloud computing component should be password protected; deploy a second cloud computing component, wherein the second cloud computing component receives data from the first cloud computing component and is monitored by the agent; receive third security compliance information from the agent; and in response to a determination that the third security compliance information indicates that the deployed second cloud computing component does not comply with the second security requirement, modify the deployed second cloud computing component to provide password protection for data received from the first cloud computing component.
28. The non-transitory computer readable storage medium of claim 15 further comprising instructions to: determine whether the deployed first cloud computing component complies with each of the plurality of security requirements based, at least in part, on actual use of the deployed first cloud computing component and planned use of the deployed first cloud computing component, wherein the actual use and the planned use are indicated in the first security compliance information; and generate a compliance report based, at least in part, on the determination of whether the deployed first cloud computing component complies with each of the plurality of security requirements, wherein the compliance report indicates a compliance status of the deployed first cloud computing component.
29. The non-transitory computer readable storage medium of claim 15 further comprising instructions to: determine that the first security compliance information comprises an indication of a security event, wherein the security event was an attempt to violate security of the first cloud computing component; and in response to the indication of the security event, update the first cloud computing component with a second security policy, wherein the second security policy imposes greater security than the first security policy.